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WHAT IS CLAIMED 

1 . A node of a network running an intrusion detection system, the node 
comprising: 

a central processing unit; 

a memory module for storing data in machine readable format for retrieval and 
execution by the central processing unit; 

a database for storing a plurality of machine-readable network-exploit 
signatures; 

an operating system comprising a network stack comprising a protocol driver, 
a media access control driver and an instance of the intrusion detection system 
implemented as an intermediate driver and bound to the protocol driver and the media 
access control driver. 

2. The node according to claim 1, wherein a frame received on a network 
medium connected to the node is processed by the media access control driver, the 
intrusion detection system receiving the processed frame directly from the media 
access control driver. 

3. The node according to claim 2, wherein the intrusion detection system 
receiving the processed frame is operable to pass the processed frame to the protocol 
driver. 

4. The node according to claim 2, wherein the intrusion detection system 
receiving the processed frame discards the processed frame. 

5. The node according to claim 1, wherein a datagram generated by the 
node is received by the intrusion detection system. 

6. The node according to claim 5, wherein the intrusion detection system 
is operable to pass the datagram to the media access control driver. 
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7. The node according to claim 5, wherein the intrusion detection system 
is operable to discard the datagram. 

5 8. A method of performing intrusion prevention at a node of a network, 

comprising: 

binding a network filter service provider to a media access control driver of a 
network stack of the node; and 

binding the network filter service provider to a protocol driver a the network 
M 10 stack of the node. 

10. The method according to claim 8, further comprising filtering, by the 
+ network filter service provider, all data received by the media access control driver 
111 prior to passing of the data to the protocol driver. 

U 15 

11. The method according to claim 8, further comprising filtering, by the 
N- network filter service provider, all data received by the protocol driver prior to passing 
£7 of the data to the media access control driver. 

20 12. A computer-readable medium having stored thereon a set of 

instructions to be executed, the set of instructions, when executed by a processor, 

cause the processor to perform a computer method of: 

binding a network filter service provider with a media access control driver of 

a network stack of an operating system; and 
25 binding the network filter service provider with a protocol driver of the 

network stack of the operating system. 
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13. The computer readable medium according to claim 12 wherein binding 
the network filter service provider to the media access control driver and to the 
protocol driver occurs upon initialization of the operating system. 



